authordavidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-08-19 23:12:12 +0000
committerdavidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-08-19 23:12:12 +0000
commit6f9ebd9f3a6e14139a3e28d9bd415cc250e644d5 (patch)
tree2846cbd1efffada03ae9f87cc5df46caf1c78e07 /net/third_party
parentd2586b55a1e253f23d91517e0d757bacb7223435 (diff)
Give keys friendly names in NSS and OS X
This will make browsing them easier in Keychain Access and certutil. It also gives them a more useful name in Keychain permission dialogs. The friendly name is currently just the hostname which requested the key. It would be nice to have some surrounding text with localization, but this works for now. BUG=none TEST=none Review URL: http://codereview.chromium.org/2806045 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56774 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r--net/third_party/mozilla_security_manager/nsKeygenHandler.cpp17
-rw-r--r--net/third_party/mozilla_security_manager/nsKeygenHandler.h4
2 files changed, 20 insertions, 1 deletions
diff --git a/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp b/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
index ffef66d..99d5206 100644
--- a/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
+++ b/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp
@@ -48,9 +48,11 @@
#include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo()
#include "base/base64.h"
+#include "base/logging.h"
#include "base/nss_util_internal.h"
#include "base/nss_util.h"
-#include "base/logging.h"
+#include "base/string_util.h"
+#include "googleurl/src/gurl.h"
namespace {
@@ -94,6 +96,7 @@ namespace mozilla_security_manager {
// in mozilla/security/manager/ssl/src/nsKeygenHandler.cpp.
std::string GenKeyAndSignChallenge(int key_size_in_bits,
const std::string& challenge,
+ const GURL& url,
bool stores_key) {
// Key pair generation mechanism - only RSA is supported at present.
PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h
@@ -171,6 +174,18 @@ std::string GenKeyAndSignChallenge(int key_size_in_bits,
goto failure;
}
+ // Set friendly names for the keys.
+ if (url.has_host()) {
+ // TODO(davidben): Use something like "Key generated for
+ // example.com", but localize it.
+ const std::string& label = url.host();
+ {
+ base::AutoNSSWriteLock lock;
+ PK11_SetPublicKeyNickname(publicKey, label.c_str());
+ PK11_SetPrivateKeyNickname(privateKey, label.c_str());
+ }
+ }
+
// The CA expects the signed public key in a specific format
// Let's create that now.
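Review bot: Both `PK11_SetPublicKeyNickname` and `PK11_SetPrivateKeyNickname` return a `SECStatus` that the added block discards, so a failed label write is silent and the key simply stays unnamed. Naming is best-effort, so a log line is enough: `if (PK11_SetPrivateKeyNickname(privateKey, label.c_str()) != SECSuccess) LOG(WARNING) << "Failed to set private key nickname";`, and the same for the public key. Separately, `label` is the host of the requesting page, so the site chooses it, and the commit description says the name is shown in key-store UIs and permission dialogs. When the TODO's localized wording is added, the host should stay clearly delimited so it cannot read as part of the trusted text. The body of GenKeyAndSignChallenge starts and ends outside this hunk.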
diff --git a/net/third_party/mozilla_security_manager/nsKeygenHandler.h b/net/third_party/mozilla_security_manager/nsKeygenHandler.h
index 75703bb..ae1f5a3 100644
--- a/net/third_party/mozilla_security_manager/nsKeygenHandler.h
+++ b/net/third_party/mozilla_security_manager/nsKeygenHandler.h
@@ -42,6 +42,8 @@
#include <string>
+class GURL;
+
namespace mozilla_security_manager {
#define DEFAULT_RSA_KEYGEN_PE 65537L
@@ -52,9 +54,11 @@ namespace mozilla_security_manager {
// Parameters:
// key_size_in_bits: key size in bits (usually 2048)
// challenge: challenge string sent by server
+// url: the URL which requested the SPKAC
// stores_key: should the generated key pair be stored persistently?
std::string GenKeyAndSignChallenge(int key_size_in_bits,
const std::string& challenge,
+ const GURL& url,
bool stores_key);
} // namespace mozilla_security_manager
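Review bot: The new parameter comment `// url: the URL which requested the SPKAC` does not tell callers what the URL is used for. In the .cpp hunk of this commit only `url.host()` is read, and it is written to the key pair as its nickname, so a caller should know that the value ends up in the key store and that a URL without a host leaves the keys unnamed. Suggested wording: `// url: the URL which requested the SPKAC; its host, if any, is set as the key pair's friendly name`.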